How Do Computer Viruses Actually Work?

Welcome back to Ask Giz, the series where we take your questions from all across the tech and science worlds, and attempt to answer them.

We’ve had a little hiatus since our last Ask Giz, but we’re back and Giz-ier than ever. If you’d like to submit a question, feel free to on our official submissions page.

Today’s question comes from Sonia in North Lakes. Sonia wants to know: How do computer viruses actually work?

This is either a really simple question or an excruciatingly complicated one, so we’re going to stick to making it as clear and concise as possible. Let’s dive into it.How do Computer viruses actually work?

Computer viruses, or malware (as in ‘malicious software’), work by infecting computers and injecting a malicious program, similar to how biological viruses infect living beings. Much like biological viruses, the form a computer virus can take varies drastically, depending on the type and what a potential malicious actor is attempting to achieve.

For example, the WannaCry virus that infected computers all around the world in 2017 was a form of ransomware – an attack that, when it infected your computer, would demand a payment to the hacker before unlocking it. The WannaCry virus worked by exposing a technical vulnerability in the code of Windows operating systems, which had been patched in a later update. To compare this to real-world viruses, think about how your immune system may be compromised if you’re not getting all the right nutrients and vitamins to stay healthy. Software updates are like vitamins, or immune system boosters (if we keep the analogy going), but some viruses can still get through.

The trick to the WannaCry virus was that it took advantage of people and businesses that weren’t updating their operating systems, leaving them susceptible to attack.

“Were it not for the continued use of outdated computer systems and poor education around the need to update software, the damage caused by this attack could have been avoided,” antivirus company Kaspersky wrote in a blog post.

Other viruses work by similarly taking advantage of software vulnerabilities, although not every virus is designed to financially compromise the user. As written by High Touch Technologies, other virus types can sabotage your system by being RAM and resource-intensive, can hijack your browser to send you to specific websites, can compromise your saved email addresses, and can overwrite system files to inject malicious alternatives. Some viruses are even designed to compromise your entire local internet network and spread to other computers connected to it.

The term ‘trojan horse’ is often used when defining viruses, but the term is really used to describe a way viruses can be disguised when entering your system – by looking like legitimate software or files.

The best way that you can avoid viruses comes down to three key things:Keep your system updated to the latest version, and regularly update itBe aware of the risks, and use antivirus softwareOnly download files and programs from legitimate or trusted sources, and be aware of websites that may look legitimate, but are not.

On that last point, be aware of websites that appear to look legitimate but are in fact just pretending to be so. The URL ‘YouTube.com’ is the trusted web address of YouTube, Google’s video-sharing website, however, be aware of the spelling: ‘YuoTube.com’ or ‘YouTobe.com’ may in fact direct to untrustworthy websites. By extension, be very careful when you’ve been sent a link from someone you don’t know – it could be to a malicious website.

Take a look at our Complete Guide to Not Getting Hacked for some tips.

If you’d like to submit a question to be answered in a future Ask Giz instalment, we’d love to hear it.

Ask Giz is a fortnightly series where we answer your questions, be it tech, science, gadget, health or gaming related. This is a reader-involved series where we rely on Gizmodo Australia’s audience to submit questions. If you have a question for Giz, you can submit it here. Or check out the answer to our last Ask Giz: Can You Plug Too Many Things Into An Outlet?

02

Buying Second-Hand Goods? 5 Scams to Look Out For

A whopping 82% of Americans have either purchased or sold second-hand goods, according to data from OfferUp. That’s 272 million people who’ve helped to build a thriving second-hand retail market. Here, we’ll focus primarily on online resale sites like eBay, Poshmark, ThreadUp, Tradesy, Mercari, and OfferUp. Specifically, we’ll let you know what to be on the lookout for and how to protect yourself from scammers.1. Mirror site scam

A mirror site is a fake site, built to look legitimate. For example, if you’re shopping on OfferUp, the scam artist will try to guide you to click on another link to make a purchase. Once you click, you’ll find yourself on a new page, but it looks so much like the OfferUp page that you believe you’re still on the OfferUp website. You’re not.

Instead, you were given a phishing link. There, you’ll find a form that requests sensitive information, like passwords, credit card numbers, or checking account info. Any information that can be harvested and used by scammers will be.

The takeaway: Never click on a link or leave the website you’re shopping on. Purchases made through that retailer are typically protected, but anything outside of that site is fair game for those looking to rip you off.2. Overly enthusiastic buyer (or seller) scam

In this scam, the buyer or seller wants the deal done right away. They may ask for your personal email address or phone number to “speed the process along.” While your email address and phone number may seem like harmless pieces of information to share, they’re personal and can be used by identity thieves. The scammer may also ask you to text with them or otherwise communicate away from the resale site. It’s all about getting you to drop your defenses and sharing more information than you should.

The takeaway: Never leave the site you’re on, and never give a buyer or seller more personal information than you would offer a total stranger sharing an elevator with you.3. Overpayment scam

This one is frighteningly simple. You sell an item for $100, and the buyer sends you a payment for $150. Soon after, they contact you and say they’ve made a mistake. They ask you to return the extra $50 or the entire $150 so they can issue a new payment for the correct amount. However, the original payment was fraudulent and would never have gone through.

The takeaway: No matter how you’re paid, make sure the payment is fully processed and in your bank account before you issue a refund.4. Code verification scam

In this scam, the bad actor will pose as a buyer. Before they make the purchase, though, they want to “make sure you’re a real person.” They ask for your phone number so they can text you a verification code. The code they send actually contains a malicious link that’s designed to steal everything from your account login to your personal financial information.

The takeaway:Protect your personal information by never clicking on a verification link.5. Nothing but a box scam

It’s hard to believe that anyone still pulls this scam, but it’s been effective enough to keep it alive. With this scam, a person posts a photo of a box that you assume holds the item you’re bidding on or buying. For example, it may be a new laptop, game console, or tennis shoes. The price seems too good to be true, so you jump on the deal. You pay for the item, but when it arrives it’s nothing more than an empty box.

The takeaway: Make sure you see what’s in the box. While that doesn’t guarantee that you’ll receive more than an empty box, it does make it slightly less likely.

The best thing you can do is to ensure you’re shopping through sites that have your back if you are scammed. Reputable sites have a refund policy that applies to anyone who’s lost money due to the actions of a scammer.Alert: highest cash back card we’ve seen now has 0% intro APR until nearly 2025

If you’re using the wrong credit or debit card, it could be costing you serious money. Our experts love this top pick, which features a 0% intro APR for 15 months, an insane cash back rate of up to 5%, and all somehow for no annual fee. 

In fact, this card is so good that our experts even use it personally. Click here to read our full review for free and apply in just 2 minutes. 

Read our free review

03

9 Red Flags You’re About to Click on a Fake Social Media Ad

The price point is absurdly low

Massive discounts on branded items are a telltale sign that this is a fake ad on social media. While you can buy a pair of basic jeans that cost $20 or a pair of designer jeans for $300, name-brand items are rarely deeply discounted without a scam component. “There are no $10 iPhones, and Apple isn’t looking to give you a free virtual-reality headset for your feedback,” Hauk says.

Pro tip: “If the ad promises you valuable, high-demand brand apparel, beauty products, electronics, luxury goods or rare collectibles at a price point that’s absurdly lower than everyone else’s, it’s probably either a counterfeit product or a counterfeit store,” says Monica Eaton, owner and founder of Chargebacks911. “There’s a lot of both on the internet.”The URL doesn’t begin with https://

If you’ve clicked on a social media ad and have been taken to a website, check the URL. If it doesn’t begin with https://, that’s a red flag, and they could be running an online shopping scam. “The ‘s’ indicates a higher level of encryption security,” Eaton says. “Most scam sites are http, because http sites are cheaper. So, if you see an ad that sends you to a website that’s http, please be extra careful, especially if it’s (allegedly) from a well-known e-store, hotel, airline or any large, international brand.”

Most mainstream e-commerce sites begin with https, including Amazon, Walmart and Target, plus the major airlines, banks, car rentals, hospitals, social services and hotel chains, says Eaton.

Pro tip: Rather than clicking on an ad to see its deal, Google and find the brand’s legitimate website. Then manually search for the deal you saw, says Hauk.It asks for your credit card information first

It’s a red flag if your payment information comes before other details or if they DM you asking for credit card info to pay for the item. “When the unsuspecting consumer plugs in their credit card information, scammers use the data to steal from their bank account,” Eaton says. To protect your online security, never submit your personal data or share your credit card info with these social media accounts or websites. And even if you don’t attempt to purchase anything, limit your time spent on any malicious or fake website, as it could open you up to phishing and bank scams.

Pro tip: Never use your debit card online. Instead, use a credit card, suggests Eaton. “If you get ripped off, a debit card offers extremely limited protection, and if you fail to catch the fraudulent charges quickly enough, you could literally lose every last penny in your bank account,” she says. “Credit cards protect you far more comprehensively because credit cards are federally protected from the major fraud categories. The same protections aren’t extended to debit cards.”